Senior Manager, Group Information Security

About FWD Group

FWD Group (1828.HK) is a pan-Asian life and health insurance business that serves approximately 34 million customers across 10 markets, including BRI Life in Indonesia. FWD's customer-led and tech-enabled approach aims to deliver innovative propositions, easy-to-understand products and a simpler insurance experience. Established in 2013, the company operates in some of the fastest-growing insurance markets in the world with a vision of changing the way people feel about insurance. FWD Group is listed on the main board of the Hong Kong Stock Exchange under the stock code 1828.

For more information, please visit

PURPOSE & ACCOUNTABILITIES

• As Senior Manager, Group Information Security - Cybersecurity Initiatives, Research and Talent at FWD Group, you will play a pivotal role in driving strategic cybersecurity innovation, research excellence, and program development across all markets. Reporting directly to the Group CISO, this role is instrumental in shaping the Group's future cybersecurity capabilities and ensuring alignment with business priorities, emerging threats, and global best practices.
• Constantly establish and maintain an up-to-date, broad and forward-looking understanding of the evolving cybersecurity landscape, with the right strategy, technologies, partnerships, and program structures in place. Ensure the Group is equipped to anticipate and respond to emerging risks, while fostering a culture of innovation and technical excellence across all cybersecurity domains.
• A leadership role with management responsibility through cross-functional teams performing diverse activities where the jobholder directs, coaches and oversees teams delivering Cybersecurity Strategic Initiatives, Emerging Technology Research, Threat Intelligence Programs, Industry Collaboration, Innovation Pilots, and Talent Strategy & Capability Development for the Group Information Security team.
• This role requires someone with in-depth knowledge of cybersecurity trends, innovation ecosystems, and talent dynamics across different markets and industries. The jobholder must be able to influence, negotiate and consult C-suite level stakeholders on strategic cybersecurity initiatives and research programs that have a significant impact on the Group's long-term resilience and competitiveness.
• This job has a sizable impact on the entire organization (CHN, HK, IDN, JPN, KHM, FWDIB, Takaful, PHL, SGP, THA and VNM), to the extent that its performance directly affects the Group's ability to stay ahead of emerging threats, maintain a robust and future-ready security posture, and build a high-performing Group Information Security team.

Security Research

• Lead the development of a cybersecurity research agenda focused on emerging threats, advanced defense techniques, and future-state security architectures.
• Collaborate with academia, industry bodies, and internal teams to drive thought leadership and innovation in cybersecurity.

Security Initiatives

• Design and execute strategic cybersecurity initiatives across all FWD markets to enhance threat resilience, operational efficiency, and security maturity.
• Align programs with business priorities, regulatory expectations, and evolving threat landscapes.

Strategic Projects

• Oversee the planning and delivery of high-impact cybersecurity projects that support FWD's digital transformation and cloud-first strategy.
• Ensure projects are delivered on time, within scope, and with embedded security-by-design principles.

Talent Management

• Develop and implement a development strategy for the Group Information Security team, focusing on capability building, career development, and succession planning.
• Foster a high-performance culture through targeted training, mentoring, and leadership development programs.

Information Security Culture & IS Caf

• Champion a strong security culture across the organization through awareness campaigns, engagement activities, and the IS Caf program.
• Promote cybersecurity as a shared responsibility and embed security into everyday business practices.

GIS Finance & Procurement

• Manage financial planning, budgeting, and procurement activities for Group Information Security.
• Ensure cost-effective sourcing of cybersecurity tools, services, and talent while maintaining compliance with procurement policies.

Cyber War Game

• Design and facilitate cyber war games and tabletop exercises to test incident response readiness and executive decision-making under simulated attack scenarios.
• Drive continuous improvement in crisis management and cyber resilience across all markets.

Emerging Cyber Risk

• Monitor and assess emerging cyber risks, including geopolitical threats, AI-driven attacks, and supply chain vulnerabilities.
• Provide strategic recommendations to senior leadership and integrate findings into risk management frameworks.

Board Information Security Training

• Develop and deliver tailored cybersecurity training for Board members and senior executives.
• Ensure leadership is equipped with the knowledge to understand cyber risks, regulatory obligations, and strategic implications.

Risk Reporting

• Define and maintain cybersecurity risk metrics, dashboards, and reporting frameworks.
• Provide regular updates to governance forums, senior leadership, and regulatory bodies on risk posture, trends, and mitigation efforts.

QUALIFICATIONS / EXPERIENCE

• Bachelor's or Master's degree in Information Security, Computer Science, Engineering, or a related field
• Minimum of 7 years of progressive experience in cybersecurity, with at least 5 years in a senior leadership role
• Proven track record in leading cybersecurity initiatives, strategic programs, and talent development within large, complex organizations
• Experience working across multiple jurisdictions and regulatory environments, preferably in financial services or insurance
• Strong stakeholder management and communication skills, with the ability to influence and engage C-suite and board-level executives
• Certifications such as CISSP, CISM, CISA, ISO 27001, or equivalent are highly desirable

KNOWLEDGE & TECHNICAL SKILLS

• Deep understanding of cybersecurity frameworks and regulatory standards (e.g., NIST CSF 2.0, ISO 27001, PCI DSS), with practical experience in applying them across multi-market environments.
• Strong grasp of technology and cyber risk drivers relevant to financial services and insurance sectors, including digital transformation, cloud adoption, and third-party ecosystems.
• Expertise in security strategy, architecture, threat intelligence, cyber forensics, and emerging technologies such as AI/ML, quantum resilience, and zero trust.
• Proficient in governance, risk, and compliance (GRC) practices, including control testing, assurance reviews, and integrated risk assessments.
• Experience in leading strategic cybersecurity initiatives and research programs, with the ability to translate insights into actionable outcomes.
• Skilled in developing and implementing Key Risk Indicators (KRIs), metrics, and dashboards for executive-level risk visibility and performance tracking.
• Familiarity with cloud-native security controls, automation tools, and secure-by-design principles to support scalable and resilient digital platforms.
• Strong knowledge of program and project management methodologies, with a proven track record of delivering complex, cross-border cybersecurity projects.
• Ability to translate technical risks into business language and influence senior stakeholders, including C-suite and board-level executives.
• Experience in managing cybersecurity-related finance and procurement processes, including budgeting, vendor selection, and cost optimization.
• Capable of designing and facilitating cyber war games and executive tabletop exercises to enhance incident response readiness and strategic decision-making.